Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Consumer Privacy

The Hidden Mini-Dissents in the Data Broker Report of Federal Trade Commissioner Wright

On May 27, the Federal Trade Commission (FTC) issued a report on the data broker industry that found data brokers operate with a “fundamental lack of transparency.” The commission unanimously recommended that Congress consider enacting legislation to make data broker practices more visible to consumers and to give consumers greater control over the immense amounts of personal information about them that are collected and shared by data brokers. Not well-recognized at the time were a number of concerns, mini-dissents if you will, expressed by Federal Trade Commissioner Josh Wright. I recently asked Commissioner Wright some questions about his “dissent by footnotes.” Continue Reading

Posted in International/EU Privacy

EU Data Protection Supervisor’s Workshop Examines Role of Privacy in Merger Reviews and Competition Investigations

In a recent client alert, Hogan Lovells partners from the firm’s London and Washington, D.C. offices highlighted key takeaways for businesses following the European Data Protection Supervisor’s (EDPS) Workshop on Privacy, Consumers, Competition and Big Data.

The workshop, hosted by EDPS in the European Parliament in Brussels on 2 June 2014, discussed the technological advances and market for ‘big data’ analytics and the policy implications for the fields of data protection, competition and consumer protection of the rapidly expanding digital economy in the EU and in other regions, particularly the in US. Around 70 experts attended, including representatives from the European regulators and the US Federal Trade Commission. Continue Reading

Posted in International/EU Privacy

Cookie Consent—What’s Changed?

Almost five years ago, EU legislators shocked the Internet world by changing the legal requirement for the use of cookies and similar device identification techniques from “notice and opt-out” to “notice and consent.” At first, there was a sense of disbelief about whether this sudden legal twist was for real. As the dust settled, it became clear that what had been common practice until then—sticking a generic paragraph about the use of cookies in the privacy policy and referring users to the browser’s menu for further control—was no longer enough to comply with the new requirement. Continue Reading

Posted in Cybersecurity & Data Breaches

2014 Intelligence Authorization Act Requires Contractors to Report Cybersecurity Breaches

On Monday, 7 July, the president signed into law the Intelligence Authorization Act for Fiscal Year (FY) 2014 (Pub. L. 113-126), which requires intelligence contractors with security clearances to promptly report network and information system penetrations and provide government investigators access to such systems. This new statutory cybersecurity reporting requirement for cleared intelligence contractors is largely consistent with a reporting requirement applicable to cleared U.S. Department of Defense contractors under the National Defense Authorization Act for FY 2013.

Read our detailed advisory opinion here.

This post was originally published on the Hogan Lovells Focus on Regulation blog.

Posted in News & Events

Hogan Lovells White Paper on National Security Access to Cloud Data Updated to Add Analysis of Brazil, Italy, Spain

Hogan Lovells today published an update to the White Paper A Sober Look at National Security Access to Data in the Cloud, which compares national security access to data stored with Cloud service providers in a number of countries. The White Paper adds analyses of the laws of Brazil, Italy, and Spain, and reflects the April 2014 opinion of the European Court of Justice invalidating the EU Data Retention Directive. The updated paper now compares the national security access laws of the United States, Australia, Brazil, Canada, France, Germany, Italy, Spain, and the United Kingdom. Continue Reading

Posted in International/EU Privacy

Russia Enacts Data Localization Requirement; New Rules Restricting Online Content Come into Effect

Two developments in Russian law this summer could significantly limit the ability of cloud and other online services to publish online content and to make Russian data remotely available online.  The first is the advancement of legislation requiring data operators to store locally in Russia information of Russian citizens.  The second is the countdown to the effective date of new rules that impose onerous registration, content, and censorship requirements on certain website operators and electronic communication services.  We address each here in turn. Continue Reading

Posted in International/EU Privacy

Hogan Lovells White Paper Examines Governmental Access to Data in the U.S. and Latin America

Hogan Lovells today published Pan-American Governmental Access to Data in the Cloud, the fifth installment in a series of White Papers examining government access to data held by Cloud service providers. Examining the right of governments in the United States and Latin America to access data in the Cloud, the White Paper concludes that the physical location of Cloud servers does not significantly affect government access to data stored on those servers, and that it is fundamentally incorrect to assume that the United States government’s access to data in the Cloud is greater than that in the Latin American countries examined. Continue Reading

Posted in International/EU Privacy

CNIL: Cookie Sweep in September and Audits in October

The French data protection authority has announced that following the “cookie sweep day” due to take place the week commencing 15 September 2014, it will launch a program of website audits in October to verify compliance with the CNIL’s 5 December 2013 cookie recommendations.  The audit will be conducted either through on-site inspections, or through remote electronic inspections.  Not all cookies require prior consent by the Internet user under the CNIL’s December recommendations.   However, for those cookies that require prior consent (e.g., cookies set by third party advertising networks), the CNIL will verify how consent is obtained.  Under the CNIL’s December 2013 recommendation, consent can be obtained either through an explicit click, or through the Internet user’s decision to navigate further within the site notwithstanding the persistent banner informing the user that cookies may be placed on the site. Continue Reading

Posted in News & Events

Hogan Lovells’ Privacy and Information Management Practice Retains Top-Tier Ranking from Legal 500

The Hogan Lovells Privacy and Information Management practice has received a ”first tier” ranking from the ratings guide Legal 500 US in the “Technology: Data Protection and Privacy” category. Partners Christopher Wolf and Marcy Wilder were also each recognized as “leading lawyers” in the field. Legal 500 notes that the Privacy and Information Management practice at Hogan Lovells is “among the best’ at advising ‘not only on where the law is, but where it is heading’.”

Posted in International/EU Privacy

UK Government Seeks to Preserve Data Retention Powers

On 10 July, the UK government announced cross-party backing for emergency legislation designed to ensure that the police and security services can continue to access communications data held by communications service providers for the purpose of investigating criminal activity and protecting national security. This is in response to the recent European Court of Justice judgment of 8 April 2014 in joined cases (C-293/12 Digital Rights Ireland & C-594/12 Seitlinger) which declared the Data Retention Directive (2006/24/EC) invalid. Continue Reading